RFR: 8241423: NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default [v2]
David Holmes
dholmes at openjdk.java.net
Fri May 28 02:42:05 UTC 2021
On Wed, 26 May 2021 14:28:39 GMT, Jie Fu <jiefu at openjdk.org> wrote:
>> Hi all,
>>
>> NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default.
>>
>> NUMA APIs depend on several syscalls.
>> E.g., `get_mempolicy` is required for `numa_get_membind` and `numa_get_interleave_mask`.
>> But these dependent syscalls can be unsupported for various reasons.
>> Especially in dockers, `get_mempolicy` is not allowed with the default configuration [1].
>> So it's necessary to check whether the syscalls are available.
>>
>> In theory, all NUMA-related syscalls should be checked.
>> But it seems hard to do so because some of them like `mbind` would cause unexpected side effects.
>> So only `get_mempolicy` is checked in the fix, which is already enough for all the default dockers.
>> And this can be refined in the future if it turns out to be a problem.
>>
>> Thanks.
>> Best regards,
>> Jie
>>
>> [1] https://docs.docker.com/engine/security/seccomp/
>
> Jie Fu has updated the pull request incrementally with one additional commit since the last revision:
>
> Remove os::Linux namespace for numa_syscall_check()
Two reviews needed.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4205
More information about the hotspot-runtime-dev
mailing list